Privacy Policy

Last updated: July 18, 2026

1. The short version

We collect the minimum needed to run the game: an email address, a username, a securely hashed password, and your game progress. Payments are handled by Stripe (and potentially PayPal) — we never see or store your card details. We don't run ads, we don't use third-party analytics or tracking, and we never sell your data. Full details below.

Data controller: the independent operator of Allure of Kingdoms: Ancient Past ("we"), reachable at support@allureofthepast.com.

2. What we collect

What we deliberately do not collect: card numbers, real names (unless you email us), addresses, phone numbers, advertising identifiers, or any tracking beyond the single cookie needed to keep you logged in.

3. How we use your data

Legal bases where GDPR or similar laws apply: performance of our contract with you (running the game and delivering purchases), our legitimate interests (security and fraud prevention), and legal obligation (financial records). We do not use your data for marketing.

4. Cookies

We use exactly one cookie: a session cookie named akap that keeps you logged in. It is essential to the service, contains only a random session identifier, and is not used for tracking or advertising. No consent banner is required for strictly necessary cookies — which is the only kind we use.

5. Who we share data with

That's the whole list. We never sell, rent, or trade personal data, and there are no advertising or analytics partners.

6. Where your data lives & international transfers

Game data is stored on servers in the United States operated by our hosting provider. If you play from outside the US, your data is transferred there; we rely on our providers' standard safeguards for such transfers.

7. How long we keep it

8. Your rights

Email support@allureofthepast.com from your account's email address to:

We will respond within 30 days.

9. Children

The game is not intended for children under 13, and we do not knowingly collect data from them. If you believe a child under 13 has created an account, email us and we will delete it. Players under the age of majority need a parent or guardian's consent to play and to make purchases.

10. Security

All traffic is encrypted with HTTPS/TLS. Passwords are stored only as bcrypt hashes. Database access uses parameterised queries. Payment card data never touches our servers. AP balances are maintained in an append-only ledger for auditability. No system is perfectly secure, but we deliberately minimise what we hold — the less we store, the less there is to lose.

11. Changes to this policy

If we change this policy, the "Last updated" date will change and material changes will be announced on the website before they take effect.

12. Contact

Privacy questions and requests: support@allureofthepast.com